1 / 9

DMP: A proposal for Security Manager Interface

DMP: A proposal for Security Manager Interface. Sergio Sagliocco Victoria Alvaro SecureLab, Technology Department. SAV e Security Manager.

Download Presentation

DMP: A proposal for Security Manager Interface

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. DMP: A proposal for Security Manager Interface Sergio Sagliocco Victoria Alvaro SecureLab, Technology Department

  2. SAV e Security Manager • The Security Manager is a component of the SAV that permit the interaction with the cryptographic key material. It exports an applicative interface in order to execute high level operation • The implementation of the Security manager is strongly related to how the private key and certificate are stored. For this reason is necessary to split the security manager in two layer: an applicative frontend and one or more cryptographic engines. • For example a user could use a certificate in PKCS12 file, in Java Key store or in a smart card. • So the user have to be able to choose the key management system able to manage own keys

  3. Architecture SAV Manager Security Manager Engine PKCS12 Engine CNS Engine CIE

  4. Security Manager Engine Requirements • Each engine exports a well know interface to the security manager. The interface permits to call the following services: • Initialization / Finalization (i.e.: integrity check of the key store, initialization of the smart card reader,…) • Login/Logout (i.e.: request of the PIN and unblock private key) • Decryption • Configuration (i.e.: path of the PKCS12 or java key store) • Generation of a new key pair (enrollment) • Installation of a certificate • Enumeration of installed certificates • Elimination of a installed certificate

  5. Engine Interface

  6. Notes • Depending on implementation language, each method have to manage error conditions • The CONFIG method have to manage the GUI required to configure the engine • In the ENROLL method the flag parameter represents a bit mask indicating particular attributes (i.e. ability to export private key) • Idtype represent the key to search and select a certificate (i.e.: Issuer plus Serial Number, public key hash, …). Id represents the value

  7. Security Manager Interface • The security manager exports an interface for the SAV manager • This interface have to export engines services adding some method in order to manage the engines: • Enumeration of installed engines • Installation of new engines • Elimination of an installed engine • Engine configuration • Enabling / Disabling an installed engine • In addition to the above methods the Security Manager can exports some utility functions like the following: • Hash calculation • Format conversion (PEM,DER,TXT,…) • Symmetric Encryption Functions (DES,AES,…) • …

  8. Security Manager Interface

  9. Contacts Sergio Sagliocco SecureLab – Direzione Tecnologie mail: sergio.sagliocco@csp.it cell: +39 3486024078tel. +39 011 4815140 CSP innovazione nelle ICT Sede via Livorno 60 - 10144 TorinoEdificio Laboratori A1Tel +39 011 4815111Fax +39 011 4815001E-mail: info@csp.it Seconda sede operativaVilla Gualino - Viale Settimio Severo 6510133 Torino www.csp.it

More Related